This article was originally published in English
The American giant Meta has been condemned by the Irish Data Protection Commission for not having sufficiently protected its users’ passwords.
ADVERTISEMENT
The American company Meta was sentenced to fine of 91 million euros by the Data Protection Commission (DPC) for not having sufficiently protected users’ passwords, the Irish privacy body announced on Friday.
The investigation was launched in April 2019, after Meta informed the Irish authority that it had inadvertently stored some of its social media users’ passwords in “plain text” – that is, without encryption – on its internal systems.
The EU General Data Protection Regulation (GDPR) requires companies to implement appropriate security measures in their processing of personal data.
“It is commonly accepted that user passwords should not be stored in plain text, given the risks of abuse linked to access to this data”says Graham Doyle, deputy commissioner at the Irish DPC, in a press release.
“The passwords examined in this case are particularly sensitive, as they would allow access to users’ social media accounts”he adds.
The Irish regulator submitted a draft decision to other EU national supervisory authorities in June 2024, as required by EU data protection rules. No objection was raised to the amount of the fine.
Meta is not at his first sanction.
In 2023, the American company was sentenced to a record fine of 1.2 billion euros by the DPC for having “continued to transfer personal data” of European users to the United States after a transatlantic data transfer agreement was canceled for surveillance reasons.
In 2022, Meta was also inflicted fined 265 million euros after data of more than 533 million users was found online.
Related News :